[Freeipa-devel] [PATCH] 0257 Add initial CA-less installation tests
Petr Viktorin
pviktori at redhat.com
Wed Aug 28 15:15:10 UTC 2013
On 08/28/2013 03:23 PM, Jan Cholasta wrote:
> On 27.8.2013 10:16, Petr Viktorin wrote:
>> On 08/26/2013 09:23 AM, Jan Cholasta wrote:
>>> On 22.8.2013 09:46, Petr Viktorin wrote:
>>>> On 08/16/2013 07:13 PM, Petr Viktorin wrote:
>>>>> On 07/30/2013 05:47 PM, Petr Viktorin wrote:
>>>>>> Hello,
>>>>>> This patch implements the first batch of integration tests for
>>>>>> CA-less
>>>>>> intallation. Tests from
>>>>>> http://www.freeipa.org/page/V3/CA-less_install
>>>>>> up to "IPA server install with missing DS PKCS#12 password" are
>>>>>> included.
>>>>>>
>>>>>> Running this already takes an hour in the lab I use, so I decided to
>>>>>> split the patch up and post the first part for review now.
>>>>>>
>>>>>> The two tests for revoked certificates fail. This is expected as we
>>>>>> don't handle revoked certs yet.
>>>>>
>>>>> Continuing, this patch includes all tests except the ones for UI
>>>>> (pvoborni's patch 443) and certinstall (I'll review jcholast's fixes
>>>>> first).
>>>>> See commit message for details.
>>>>
>>>> Here is the completed patch, with all test except the Web UI ones.
>>>>
>>>
>>> >- The following case is omitted as it is invalid:
>>> > - Verify that IPA client install does not configure certmonger
>>>
>>> Instead of making a note in the commit, I would prefer if you deleted
>>> the test case. There's no need to keep it if it's invalid, right?
>>>
>>> Honza
>>>
>>
>> You're right. I've deleted the case from the test plan.
>>
>
> Thanks.
>
> The service-disable and host-disable tests fail with AlreadyInactive,
> because the certificate is removed with service-mod and host-mod in
> earlier tests. I think the service and host command tests should look
> like this:
>
> 1. Verify that {service,host}-del does not attempt to revoke
> {host,service}'s certificate
> {service,host}-add
> {service,host}-del
>
> 2. Verify that {service,host}-mod does not attempt to revoke
> {host,service}'s certificate
> {service,host}-add
> {service,host}-mod
> {service,host}-del
>
> 3. Verify that {service,host}-disable does not attempt to revoke
> {host,service}'s certificate
> {service,host}-add
> {service,host}-disable
> {service,host}-del
Fixed. I've used context managers so the -del isn't skipped when there's
an error.
> There are a few wrong docstrings:
>
> + def test_service_mod_doesnt_revoke(self):
> + "Verify that service-mod does not attempt to revoke host's
> certificate"
>
> + def test_service_del_doesnt_revoke(self):
> + "Verify that service-del does not attempt to revoke host's
> certificate"
>
> + def test_ds_san(self):
> + "Install new HTTP certificate with SAN"
>
Fixed.
Thanks for the review, fixed patch attached.
The service-disable test still fails, due to
https://fedorahosted.org/freeipa/ticket/3886.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0257.5-Add-CA-less-install-tests.patch
Type: text/x-patch
Size: 60577 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130828/aeab8862/attachment.bin>
More information about the Freeipa-devel
mailing list